200 infosecurity leaders and professionals gathered at the 11th Computerworld Security Summit at Nexus in Kuala Lumpur on 20th April 2017 to delve into getting the balance right with people, processes and technologies.

The evolution of cyber threats, its repercussions for businesses, and the strategic use of technology to predict, prevent, manage and recover from cyberattacks were major points of discussions during the 11th Computerworld Malaysia Security Summit held at Connexion@Nexus, Kuala Lumpur on 20 April 2017.

"Digital technology is the key driver to Malaysia's transformation," declared CyberSecurity Malaysia chief executive officer Dato' Dr Haji Amirudin bin Abdul Wahab in his keynote opening address. "The Internet of Things (IoT) is bringing on more devices and more connectivity, but also opens up more vulnerabilities with new avenues for more advanced and disastrous cyberattacks that can turn the Internet of Things into the Internet of Threats."

"A new approach is required to address advanced persistent threats and the new breed of cyberattacks. Malaysian organisations cannot just depend on the traditional cybersecurity approach to protect themselves - these are important but not sufficient as they leave significant gaps in cyberdefences," he continued.

CIMB Bank Berhad managing director and head, Digital Banking, Kanags Surendran concurred that security frameworks had to evolve. "For banks, the security perimeter has expanded beyond the physical perimeters of the old days, and moved towards end-users and the devices they use to access services," he said. "The most vulnerable security point today is the end user and the authentication framework."

"Banks are adding controls on authentication to secure the perimeters. However, these measures effectively compromises usability while not solving the issue," he admitted. "Users are identified based on things they know, things they have rather than who they are. Security needs to be identity-centric, but our identity is broken. Thus, we adopt a layered security approach involving data encryption, fraud management authentication, digital signing and end-point protection, and we try our best to balance usability and security."

To Jupiter Networks consulting SE, Center of Excellence, Alex Cheong, strengthening controls included aligning an organisation's security to its business imperatives through a centrally orchestrated policy.

"Cyberthreats need a network as a medium to traverse across a company. By gathering and distributing threat intelligence across your entire network, and leveraging on cloud economics for real-time analysis, organisations can identify risk sooner, and automatically apply enforcement in real time," said Cheong. "The network can be the single detection and enforcement domain to secure your data, your brand, your business and your company."